(re-sending this email, last one sent 10/30 15:19 EST and not posted to list, despite that another message was sent to the list successfully only half an hour later.)
Why do default scores not increase with severity? For example, SpamAssassin 3.1.7 has inconsistent progression of default scores in html obfuscation, dates set in the future, and spf marking: score HTML_OBFUSCATE_05_10 1.421 1.169 1.522 1.449 score HTML_OBFUSCATE_10_20 1.936 1.397 2.371 1.770 score HTML_OBFUSCATE_20_30 2.720 2.720 3.145 3.400 score HTML_OBFUSCATE_30_40 2.480 2.480 2.867 2.859 score HTML_OBFUSCATE_40_50 2.160 2.160 2.498 2.640 score HTML_OBFUSCATE_50_60 2.049 2.061 2.342 2.031 score HTML_OBFUSCATE_60_70 1.637 1.592 1.892 1.652 score HTML_OBFUSCATE_70_80 1.440 1.507 1.680 1.472 score HTML_OBFUSCATE_80_90 1.244 1.191 1.397 0.982 score HTML_OBFUSCATE_90_100 0 # n=0 n=1 n=2 n=3 score DATE_IN_FUTURE_03_06 2.061 2.007 2.275 1.961 score DATE_IN_FUTURE_06_12 1.680 1.498 1.883 1.668 score DATE_IN_FUTURE_12_24 2.320 2.316 2.775 2.767 score DATE_IN_FUTURE_24_48 2.080 2.080 2.498 2.688 score DATE_IN_FUTURE_48_96 1.680 1.680 1.942 2.100 score DATE_IN_FUTURE_96_XX 1.920 1.888 2.276 2.403 score SPF_NEUTRAL 0 1.379 0 1.069 score SPF_SOFTFAIL 0 1.470 0 1.384 score SPF_FAIL 0 1.333 0 1.142 To keep this message on-topic, I am not commenting about whether the scores are fair to message spaminess. I am asking about their fairness to other relative levels; HTML_OBFUSCATE_80_90 should be higher than HTML_OBFUSCATE_20_30, DATE_IN_FUTURE_96_XX should be higher than DATE_IN_FUTURE_12_24, and SPF_FAIL should be higher than SPF_SOFTFAIL. There are a large number of sets of scores that seem quite arbitrary in their assignment. While I'm happy to see this no longer includes Bayesian scores, it is still a huge surprise. Is there an explanation guide online about how scores are chosen? Is this automated in some manner that seems to get incremental tests weighted based more on frequency than on severity? I try to keep my rules tweaks minor, but my local.cf is getting bigger and bigger... how large is the typical local.cf for servers with 25-100 users? Thank you, Adam Katz
